SHA256_Init(&s);
SHA256_Bytes(&s, p, len);
SHA256_Final(&s, output);
+ smemclr(&s, sizeof(s));
}
/*
return s;
}
-static void sha256_bytes(void *handle, void *p, int len)
+static void *sha256_copy(const void *vold)
+{
+ const SHA256_State *old = (const SHA256_State *)vold;
+ SHA256_State *s;
+
+ s = snew(SHA256_State);
+ *s = *old;
+ return s;
+}
+
+static void sha256_free(void *handle)
+{
+ SHA256_State *s = handle;
+
+ smemclr(s, sizeof(*s));
+ sfree(s);
+}
+
+static void sha256_bytes(void *handle, const void *p, int len)
{
SHA256_State *s = handle;
SHA256_State *s = handle;
SHA256_Final(s, output);
- sfree(s);
+ sha256_free(s);
}
const struct ssh_hash ssh_sha256 = {
- sha256_init, sha256_bytes, sha256_final, 32, "SHA-256"
+ sha256_init, sha256_copy, sha256_bytes, sha256_final, sha256_free,
+ 32, "SHA-256"
};
/* ----------------------------------------------------------------------
* HMAC wrapper on it.
*/
-static void *sha256_make_context(void)
+static void *sha256_make_context(void *cipher_ctx)
{
return snewn(3, SHA256_State);
}
static void sha256_free_context(void *handle)
{
+ smemclr(handle, 3 * sizeof(SHA256_State));
sfree(handle);
}
{
unsigned char correct[32];
hmacsha256_genresult(handle, correct);
- return !memcmp(correct, hmac, 32);
+ return smemeq(correct, hmac, 32);
}
static int sha256_verify(void *handle, unsigned char *blk, int len,
{
unsigned char correct[32];
sha256_do_hmac(handle, blk, len, seq, correct);
- return !memcmp(correct, blk + len, 32);
+ return smemeq(correct, blk + len, 32);
}
const struct ssh_mac ssh_hmac_sha256 = {
sha256_generate, sha256_verify,
hmacsha256_start, hmacsha256_bytes,
hmacsha256_genresult, hmacsha256_verresult,
- "hmac-sha2-256",
- 32,
+ "hmac-sha2-256", "hmac-sha2-256-etm@openssh.com",
+ 32, 32,
"HMAC-SHA-256"
};